SciDAC SSS Face-To-Face
Erik P. DeBenedictis
February 21, 2002
Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy under contract DE-AC04-94AL85000.
SciDAC SSS Secure Wire Protocol and Cplant Interface
XML & Browser
• Dual Mode
– Accepts XML
• For machine-to-machine communications
– Accepts HTML-embedded XML
• For testing and human interaction
[Diagram: the machine path exchanges raw <XML> documents in both directions; the browser path issues GET /form?XML HTTP/1.0 and receives the XML wrapped as <PRE>XML</PRE>]
Secure Wire Protocol
[Diagram: Client Private Key on the client side, Server Private Key on the server side; the server holds Client 1 Public Key and Client 2 Public Key; Encrypted Communications between client and server]
Example
Technology Employed
• C++
• OpenSSL
– For security
– 128 bit encryption, RC4
• Certificates
– Server
– Client
• Stream XML parser
– Wrote it ourselves
– Doesn't wait for close
• controversial
• UserID and Password
– Server needs to log in as user before executing command
– Not done now
• Security Plan
– Can be written
– Requires commitment
– Unused modes of access get closed by Sandia security in spite of security plans
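The slide pairs OpenSSL with server and client certificates and 128-bit RC4, and notes that logging the server in as the requesting user before executing a command is not done. The block below is an added example, not the Sandia code: it shows the same server-side shape with Python's standard ssl module, with the client certificate made mandatory, RC4 excluded (RFC 7465 prohibits RC4 in TLS, so no current deployment should offer it), and the verified certificate subject mapped to the local account the command should run as. The LAUNCH_USERS table, the convention that the certificate commonName equals the Unix username, the file paths, and the use of subprocess.run's user= parameter (Python 3.9 or later) are assumptions.

```python
"""Server-side TLS policy and client identity for the secure wire protocol.

Added example, not the Sandia code. Builds a mutual-TLS server context that
does not offer RC4, and maps the authenticated client certificate to the
local user a Cplant command should execute as.
"""
import ssl
import subprocess

# Assumed: users whose client certificate commonName may launch commands.
LAUNCH_USERS = {"alice", "bob"}


def build_server_context(cafile=None, certfile=None, keyfile=None):
    """Mutual-TLS server context: the client must present a certificate
    chaining to `cafile`; weak 2002-era ciphers (RC4, MD5) are not offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # client certificate mandatory
    # Forward-secret AEAD suites only; RC4, MD5 and anonymous key exchange excluded.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4")
    if cafile:
        ctx.load_verify_locations(cafile)       # CA that issued the client certs
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # server certificate + private key
    return ctx


def requires_client_cert(ctx) -> bool:
    """True when the context refuses clients that present no certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


def offered_ciphers(ctx) -> list:
    """Names of the cipher suites the server would negotiate."""
    return [c["name"] for c in ctx.get_ciphers()]


def principal_from_cert(peercert) -> str:
    """Map the verified client certificate (the dict form returned by
    SSLSocket.getpeercert()) to the local user the command runs as.
    Assumed convention: subject commonName == Unix username."""
    if not peercert:
        raise PermissionError("no client certificate presented")
    cn = None
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    if cn not in LAUNCH_USERS:
        raise PermissionError(f"certificate subject {cn!r} may not launch commands")
    return cn


def launch_as(argv: list, username: str) -> subprocess.CompletedProcess:
    """Run an already-validated argv as the authenticated user instead of as
    the server's own account (the step the slide marks 'not done now').
    The server must start with enough privilege to switch user; no shell."""
    return subprocess.run(argv, user=username, shell=False,
                          capture_output=True, text=True, check=False)
```

The context is built once at startup; per connection, `getpeercert()` on the accepted socket feeds `principal_from_cert`, and only a command whose user mapping succeeds reaches `launch_as`.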
XML Process Launcher
• Receive an XML encoded command via a web form.
• Parse the XML to extract the command.
• SSL encrypts the channel and, with the client certificate, authenticates who sent the command.
Sequence of Server Actions
1) User establishes a HTTPS connection with Server.2) Server transmits a form with an XML command
framework filled in.3) User submits their command.4) Server receives XML & Parses it.5) Server walks the parse tree to determine appropriate
action.6) Server executes user request7) Server transmits results to user via HTTPS connection.
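Steps 4 through 6 above, together with the dual-mode input and the stream parser that does not wait for the document to close, are shown in the added example below (not the Sandia code). It accepts either a raw XML document or XML embedded in an HTML <PRE> block, feeds it to an expat-based streaming parser that dispatches each <command> element as soon as its end tag arrives, and turns the command into an argv list checked against an allowlist, so the XML text never reaches a shell. The element names (<commands>, <command name=...>, <arg>), the ALLOWED_COMMANDS table with its paths, and the DOCTYPE rejection are assumptions; the slides show no schema.

```python
"""Streaming XML command receiver for the XML process launcher.

Added example, not the Sandia code. Models the server side of the
"Sequence of Server Actions": extract the XML (raw or HTML-embedded),
parse it as a stream, and validate each command before execution.
"""
import html
import re
import xml.parsers.expat

# Assumed allowlist: command name -> executable. The slides give no command set.
ALLOWED_COMMANDS = {"yod": "/cplant/bin/yod", "pingd": "/cplant/bin/pingd"}
ARG_RE = re.compile(r"^[A-Za-z0-9_./=-]+$")        # conservative argv alphabet
_PRE_RE = re.compile(r"<PRE>(.*?)</PRE>", re.S | re.I)


def extract_xml(body: str) -> str:
    """Dual mode (assumed framing): a browser submission carries the XML
    HTML-escaped inside <PRE>...</PRE>; a machine client posts raw XML."""
    m = _PRE_RE.search(body)
    return html.unescape(m.group(1)).strip() if m else body.strip()


class CommandStream:
    """Expat-driven parser that hands over each <command> as soon as its
    end tag arrives, without waiting for the root element to close."""

    def __init__(self, on_command):
        self.on_command = on_command
        self._cur = None            # (name, [args]) of the command being read
        self._text = []
        self._in_arg = False
        p = xml.parsers.expat.ParserCreate()
        p.StartElementHandler = self._start
        p.EndElementHandler = self._end
        p.CharacterDataHandler = self._chars
        # Command documents need no DOCTYPE; refusing one removes the
        # entity-expansion and external-entity attack surface.
        p.StartDoctypeDeclHandler = self._doctype
        self._p = p

    def feed(self, chunk: str, final: bool = False) -> None:
        self._p.Parse(chunk, final)

    def _doctype(self, *_):
        raise ValueError("DOCTYPE not permitted in command stream")

    def _start(self, name, attrs):
        if name == "command":
            self._cur = (attrs.get("name", ""), [])
        elif name == "arg" and self._cur is not None:
            self._in_arg, self._text = True, []

    def _chars(self, data):
        if self._in_arg:
            self._text.append(data)     # expat may split text; join at </arg>

    def _end(self, name):
        if name == "arg" and self._in_arg:
            self._cur[1].append("".join(self._text))
            self._in_arg = False
        elif name == "command" and self._cur is not None:
            cmd, self._cur = self._cur, None
            self.on_command(*cmd)


def build_argv(name: str, args) -> list:
    """Walk the parsed command into an argv list, or refuse it."""
    exe = ALLOWED_COMMANDS.get(name)
    if exe is None:
        raise PermissionError(f"command {name!r} not in allowlist")
    for a in args:
        if not ARG_RE.match(a):
            raise ValueError(f"argument {a!r} contains disallowed characters")
    return [exe, *args]


def launch_plan(body: str, chunk_size: int = 16) -> list:
    """Parse a request body in small chunks (as a socket delivers it) and
    return the argv lists that would go to subprocess.run(argv) with
    shell=False. Nothing is executed here."""
    plans = []
    stream = CommandStream(lambda n, a: plans.append(build_argv(n, a)))
    text = extract_xml(body)
    for i in range(0, len(text), chunk_size):
        stream.feed(text[i:i + chunk_size])
    stream.feed("", final=True)
    return plans
```

Because dispatch happens at each </command>, a long-running client can keep the root element open and send commands one at a time over the same connection, which is the behaviour the slide's "doesn't wait for close" refers to; the allowlist and argument alphabet are what make that safe.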
Simplified Interaction Timeline
[Diagram: three columns, User, XML Web Server and CPlant; arrows in order: Web form submission (User to XML Web Server), execution (XML Web Server to CPlant), raw result (CPlant to XML Web Server), result formatted and returned via browser (XML Web Server to User)]
Input
• What You See
– XML
• A test schema
– Encapsulated in HTML
Output
• What You See
– Response to XML command
– Encapsulated in HTML
• Not Done Yet
– Parsing and encapsulating the result
Conclusions and Future Work
• Approach Works
– Work devoted to C++, SSL, XML SAX parser paid off
– Browser interface good
• Demos
• GUI to Cplant
– For wimps who don't want to do everything with telnet
• Future control console
• Need Commitment
– I can write a security plan
– But I will be asked "is it necessary"
– If I say "SourceForge might work too" it won't get approved
– Need a mandate to proceed
• Should be doable in this case